Vulnerability Details CVE-2002-1252
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
- http://www.iss.net/security_center/static/10520.php
- http://www.securityfocus.com/bid/6647
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
- http://www.iss.net/security_center/static/10520.php
- http://www.securityfocus.com/bid/6647
Products affected by CVE-2002-1252
-
cpe:2.3:a:peoplesoft:peopletools:8.14
-
cpe:2.3:a:peoplesoft:peopletools:8.15
-
cpe:2.3:a:peoplesoft:peopletools:8.16
-
cpe:2.3:a:peoplesoft:peopletools:8.17
-
cpe:2.3:a:peoplesoft:peopletools:8.18